Jump to content

Sign in to follow this  
jeffhunter

NIS 2005 Intrusion Detection Alert with AS2004.5

Recommended Posts

Hi Guys,Thank you for the update.Unfortunately, since installing it, I've had some real problems with NIS2005. The boffins at symantec have managed to make ccapp.exe unstoppable, so that the only option is to disable nis, with a significant memory penalty. If I don't I get a repeated warning that AS is attempting to connect to the internet. Even if I say it's ok, I get another warning in about 20 seconds. Aaaaarghhh!!My drama is this. NIS refuses to let me tell it that AS2004.5 is OK to connect to the 'net. If I disable my firewall, I get an alert telling me that an attempt was made to connect to my computer using a method characteristic of the MS_RPC_DCOM_BUFFER_OVERFLOW attack. two of the IP address were 147.10.106.131 and 146.10.125.92.I'm reluctant to tell NIS that these addresses are trusted unless I know that they are from you guys.I've emailed Symantec, with predictably useless support, suggesting that I do all the bleeding obvious.Any ideas gratefully received.Thanks,Jeff

Share this post


Link to post
Share on other sites

Hi Jeff,I am not familiar with Symantec's NIS firewall. Those IP addresses are not ours, but they could easily be mid-point routing nodes and a byproduct of the AS2004.5 server connection attempt. Not sure.Why can AS2004.5 not be configured as a trusted app? Is there a "learn" mode of NIS which allows you to temporarily "watch" what an app does to make sure all its components are correctly accounted for? Many firewall apps have such feature.Anyone else running NIS that might be able to help? Sorry Jeff I don't have any other ideas!

Share this post


Link to post
Share on other sites

Jeff, I would first remove the (all, if more than 1 exists) AS2004 entry from NIS database. You can do this in the 'Configure' option of the firewall. It shows a list of all applications that have been registered in NIS, either automatically by Symantec rules or approved by you. Once AS2004 is removed, try downloading weather again. NIS should ask you if AS2004 is to be trusted. Answer 'yes' and select the option that NIS will not ask again.I'm using F-Secure at the moment, but have been using NIS before. So I'm not sure about the actual wordings/texts being used in NIS.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...